RE: FTP Security Issue

From: Brian Allen (brian_at_biznetis.net)
Date: 07/13/04 

Date: Tue, 13 Jul 2004 07:29:14 -0700

Andrew,

   Yes, the prompt for user ID and password comes up.
However, no matter what user I type in, they are allowed
to write to the ftp site. Let me explain how I have
folder structure and permissions set. Under the C:\ there
is a folder named WebSites. Domain Admins has full
control, our custom Employee Group has read write and
execute, Creator Owner is listed but none of the
permission boxes are checked, Interactive group has List
Folder Contents, I_USR has Read, Network group has Read,
and the System group has Full Control. Now, under this
folder is a subfolder for each web site I create. These
folders have the same exact permission as the parent,
except I create a new AD User for the customer and give
Full Control access to there specific site folder. As I
mentioned before this has worked perfectly fine with our
old NT4 setup, and I don't see why it wouldn't work now.
Also, the Users group had read/write/execute for each
website folder, however, I've completely removed that
group and any user still has access.

- Brian Allen
>-----Original Message-----
>Domain Policys are not required to lock down IIS6 FTP
sites.
>
>When the user connects to the FTP site, are they getting
the prompt for
>user/pass?
>
>Check to see if the "Users" group has read permissions on
the folder and
>file.
>
>Are you testing from a machine which whomever is logged
in is NOT an admin
>in the domain, or that IIS server?
>Check your admin group on the IIS server and make sure
the user account
>your testing with isn't in there as well.
>
>Filemon from www.sysinternals.com should give you
definative information on
>who is authenticating to what file resource on the box.
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>Thanks!
>~Andrew Davis
>Microsoft PSS Security
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "Brian Allen" <brian@biznetis.net>
>>Sender: "Brian Allen" <brian@biznetis.net>
>>Subject: FTP Security Issue
>>Date: Thu, 8 Jul 2004 11:38:40 -0700
>>Lines: 18
>>Message-ID: <2931f01c4651a$c9ea0a10$a501280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Thread-Index: AcRlGsnqa/tSnTmPSwOTqbKXikGLwA==
>>Newsgroups: microsoft.public.inetserver.iis.security
>>Path: cpmsftngxa06.phx.gbl
>>Xref: cpmsftngxa06.phx.gbl
microsoft.public.inetserver.iis.security:13218
>>NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
>>X-Tomcat-NG: microsoft.public.inetserver.iis.security
>>
>>I'm having a problem locking down who can log into my
FTP
>>sites. I've set up a new 2003 server which is running
IIS
>>6. This server is part of a 2003 Active Directory
domain.
>>Now, the problem is, any user in my Active Directory has
>>full control access to any FTP site. This is really
>>confusing me since I have turned off anonymous access
for
>>every FTP site, and the folder permissions are set
>>correct. I'm familiar with setting permissions for web
>>servers on NT4, however, in IIS 4 there was options in
the
>>properties of the FTP site to specify exactly which
users
>>in your domain could access that FTP site. In IIS 6,
all
>>I see is the option to turn off anonymous access and
>>that's it, so I'm guessing it should then use folder
>>permissions.... but that doesn't seem to be the case.
Are
>>there any Domain Policies you have to edit to lock down
>>your FTP site access?
>>
>>- Brian Allen
>>
>
>
>
>
>.
>

Relevant Pages

  • ftproot permissions
    ... and the local user account (customer account), ... when user Bob logs into the FTP site, they are directed to their folder ... Now, we have an issue with permissions, where authenticated users using ...
    (microsoft.public.inetserver.iis.security)
  • Re: Write Access
    ... >permissions for the users and didn't have any luck with that. ... Configure the FTP folder structure appropriately for whatever ... FTP site. ... grant Read and Write access through the check boxes in the Home ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: IIS 5, FTP, Different access permissions for different users
    ... with IP restricted 'intftp' login access, ... one thing i guess you don't need is the 'intftp' virtual directory. ... > My objective is to have internal users login> in as intFTP to write to outgoing folder and read ... > original default FTP site and created underthe new intFTP FTP site. ...
    (microsoft.public.inetserver.iis.security)
  • Re: FTP P
    ... I'm not really sure if I'm in user isolation mode, ... I run the IIS FTP Sites Wizzard to add a new FTP Site. ... that I defined previosly and have the full rights for this folder. ... If I delete the complete user, still delete for the other Virtual Directory. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Digital transfers question. On topic. Geez. Whod have thunk it?
    ... I set up my own FTP site with a free download, ... computer and is immediately in a folder on his computer. ... I went over to the doctors office and interfered with that. ...
    (sci.med.transcription)
Quantcast